<?php
    session_start();

    require_once 'db.php';
    if (!isset($_SESSION['user']))
    { 
        if (isset($_POST['username']) && isset($_POST['passwd']))
        {
            $username = $_POST['username'];
            $password = $_POST['passwd'];

            $sql = "select userid,username,password from users where username = \"$username\" and typeid != 3;";
            
            $user = $db->fetch_first($sql); 
            
            if (strcmp($user['password'], md5($password)) == 0)
            {
                $userinfo['name'] = $user['username'];
                $userinfo['id'] = $user['userid'];
                $_SESSION['user'] = $userinfo;
                header("Location:index.php");
            }
            else
            {
                header("Location:login.php?retry=1");
            }
        }
        else
        {
            header("Location:login.php");
            exit(0);
        }
    }
    header("Location:index.php");
?>
